Tag: web server

Apache Security Update – a flaw In Apache can be used to carry out DoS. Slowloris is a new Apache DoS tool which can use slow Internet links to bring down Apache servers, rather than flooding networks. Most D/DoS tool requires faster net connections but this tool works with minimal bandwidth. This tool can lead to a DoS attack on Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid, while MS IIS6.0, IIS7.0, and lighttpd are confirmed not vulnerable to this attack.

Here I present an abbreviated explanation of the process of creating firewall and cluster objects. More detailed step-by-step guides are available in sections “Firewall Object” and “Cluster Object” of the Firewall Builder Users Guide.

A few days ago I noticed that NFS performance between a web server node and NFS server went down by 50%. NFS was optimized and the only thing was updated Red Hat kernel v5.2. I also noticed same trend on CentOS 5.2 64 bit edition.

Drupal is modular framework and content management system (CMS) and works under Lighttpd too. By default, Drupal passes path arguments to itself via its internally generated URLs. This small howto explains setting up clean url using Lighttpd web sever.

Gzip compression reduces response times by reducing the size of the HTTP response. This document describes gzipping http traffic which can reduces the response size by about 70%. Approximately 90% of today’s Internet traffic travels through browsers that claim to support compression.

Lighttpd web server will generate a directory listing if a directory is requested and no index-file was found in that directory. mod_dirlisting is one of the modules that is loaded by default and doesn’t have to be specified on server.modules to work.

Recently I wrote about installing and running Xcache under Red hat enterprise Linux and CentOS Linux. By default Xcache use /dev/zero for caching. All you have to do is create /dev/zero in chrooted jail. Type the following command (assuming that your jail is located at /lighttpd.jail directory):# mkdir -p /lighttpd.jail/dev # mknod -m 666 /lighttpd.jail/dev/zero c 1 5 Just restart your web server and xcache should work under chrooted lighttpd web server.

Step # 1: Login over ssh if server is outside your IDC

Step # 2: Enable client authentication

Once connected, you need edit the PostgreSQL configuration file, edit the PostgreSQL configuration file /var/lib/pgsql/data/pg_hba.conf (or /etc/postgresql/8.2/main/pg_hba.conf for latest 8.2 version) using a text editor such as vi.

Login as postgres user using su / sudo command, enter:$ su - postgres Edit the file:$ vi /var/lib/pgsql/data/pg_hba.conf OR$ vi /etc/postgresql/8.2/main/pg_hba.conf Append the following configuration lines to give access to 10.10.29.0/24 network:host all all 10.10.29.0/24 trust Save and close the file. Make sure you replace 10.10.29.0/24 with actual network IP address range of the clients system in your own network.

Step # 2: Enable networking for PostgreSQL

You need to enable TCP / IP networking. Use either step #3 or #3a as per your PostgreSQL database server version.

Step # 3: Allow TCP/IP socket

If you are using PostgreSQL version 8.x or newer use the following instructions or skip to Step # 3a for older version (7.x or older).

You need to open PostgreSQL configuration file /var/lib/pgsql/data/postgresql.conf or /etc/postgresql/8.2/main/postgresql.conf.# vi /etc/postgresql/8.2/main/postgresql.conf OR# vi /var/lib/pgsql/data/postgresql.conf Find configuration line that read as follows:listen_addresses='localhost' Next set IP address(es) to listen on; you can use comma-separated list of addresses; defaults to ‘localhost’, and ‘*’ is all ip address:listen_addresses='*' Or just bind to 202.54.1.2 and 202.54.1.3 IP addresslisten_addresses='202.54.1.2 202.54.1.3' Save and close the file. Skip to step # 4.

Step #3a – Information for old version 7.x or older

Following configuration only required for PostgreSQL version 7.x or older. Open config file, enter:# vi /var/lib/pgsql/data/postgresql.conf Bind and open TCP/IP port by setting tcpip_socket to true. Set / modify tcpip_socket to true:tcpip_socket = true Save and close the file.